Abstract. We consider repeated communication sessions between an RFID (Radio Frequency Identification) Tag and an RFID Verifier. A proactive information theoretic security scheme is proposed. The scheme is based on the assumption that the information exchanged during at least one of every n successive communication sessions is not exposed to an adversary. The Tag and the Verifier maintain a vector of n entries that is repeatedly refreshed by pairwise xoring its entries with a new vector of n entries that is randomly chosen by the Tag and sent to the Verifier as a part of each communication session.
The general case in which the adversary does not listen in on k > 1 sessions among any n successive communication sessions is also considered. A lower bound of n·(k + 1) on the number of random numbers used during any n successive communication sessions is proven. In other words, we prove that an algorithm must use at least n·(k + 1) new random numbers during any n successive communication sessions. Then a randomized scheme that uses only O(n log n) new random numbers is presented. A computationally secure scheme, built on top of the information theoretic secure scheme, is used to ensure that even in the case that the adversary listens in on all the information exchanges, the communication between the Tag and the Verifier is secure.

Keywords: Authentication protocol, information theoretic security, com- 
putational security, RFID tags, pseudo-random numbers. 

1 Introduction 

An RFID tag is a small microchip, supplemented with an antenna, that transmits a unique identifier in response to a query by a reading device. RFID technology is designed for the unique identification of different kinds of objects. According to [15], RFID communication systems are composed of three major elements: (a) the RFID Tag carries object identifying data; (b) the RFID Verifier interfaces with Tags to read or write Tag data; (c) the back-end database aggregates and utilizes Tag data collected by Verifiers.

The RFID Verifier broadcasts an RF signal to access data stored on the tags, which usually includes a unique identification number. RFID tags are designed as low cost devices that use cheap radio transmission media. Such tags have no (or a very limited) internal source of power; instead, they receive their power from the reading devices. The transmission range of basic tags is up to several meters. Possible applications of RFID devices include: RFID-enabled banknotes, libraries, passports, pharmaceutical distribution of drugs, and automobile security systems or any key-less entry system. Nevertheless, the wide deployment of RFID tags raises new security and privacy issues. RFID tags usually operate in an insecure environment. The privacy of an RFID tag may be compromised by an adversary that extracts unencrypted data from unprotected tags. RFID tags are limited devices that cannot support complicated cryptographic functions. Hence, there is growing interest in achieving a high security and privacy level for RFID devices without the use of computationally expensive encryption techniques.

The focus of our paper is authentication schemes for passive RFID tags. We present new proactive and cost effective information theoretic and computationally secure authentication protocols for RFIDs. The main scope is one sided authentication, where the Verifier has to identify the Tag. Such (non mutual) one sided authentication is useful in applications in which the Tag may have other means to identify the desired Verifier that it is communicating with (say, by being geographically close to the Verifier). Note that a simple extension in which a symmetric authentication scheme obtains mutual authentication is also presented in the sequel. The protocol that copes with the Intruder-in-the-Middle Attack (IIMA) is introduced as the extended version of the computationally secure protocol.

Background and related work. 

• Security protocols based on standard cryptographic techniques. 

A brief introduction to RFID technology appears in [15], where potential security and privacy risks are described. Schemes for providing desired security properties in the unique setting of low-cost RFID devices are discussed in [15]. The main security risks stated in that paper are violations of "location privacy" and denial of service that disables the tags. With the RFID resource constraints in mind, the cryptographic techniques proposed in [15] for developing RFID security mechanisms are: (a) a simple access mechanism based on hardware-efficient one-way hash functions, low-cost traditional symmetric encryption schemes, and randomizing tag responses using a random number generator; (b) integrating RFID systems with a key management infrastructure. Regardless of the mechanisms used for privacy and access control, management of tag keys is an important issue. The new challenge in RFID system design is to provide access control and key management tools compatible with the tags' cost constraints.

An adversary model adapted to RFID protocols is introduced in [1]. Many existing privacy protecting RFID protocols are examined for their traceability. Traceability is defined as the capability of the adversary to recognize a tag which the adversary has already seen, at another time or in another location. Traceability is stated as a serious problem related to privacy protection in RFID systems. The paper concludes that in a realistic model, many protocols are not resistant to traceability.

• Security protocols based on low cost arithmetic computations. 

The research survey in [11] examines different approaches proposed by researchers for providing privacy protection and integrity assurance in RFID systems. In order to define the notions of "secure" and "private" for RFID tags, a formal model that characterizes the capabilities of potential adversaries is proposed. The author states that it is important to adapt RFID security models to cope with the weakness of RFID devices. A few weak security models which reflect real threats and tag capabilities are discussed. A "minimalist" security model which serves low-cost tags is introduced in [12]. The basic model assumption is that the potential RFID adversary is necessarily weaker than the one in traditional cryptography. Besides, such an adversary comes into scanning range of a tag only periodically. The minimalist model aims to take into account the RFID adversary characteristics. Therefore, this model is not perfect, but it eliminates some of the standard cryptographic assumptions that are appropriate for other security systems, based on a more powerful adversary model, but not necessarily here. The author of [12] states that standard cryptographic functionality is not needed to achieve the necessary security in RFID tags.

• Protocols overview. 

Existing techniques and secure protocols proposed for implementation in existing RFID systems are described next.

An inexpensive RFID tag known as Electronic Product Code (EPC) tag is 
proposed in [TU] to protect against RFID tag cloning. Basic EPC tags do possess 
features geared toward privacy protection and access control mechanisms, nev- 
ertheless they do not possess explicit authentication functionality. That is, EPC 
standards prescribe no mechanism for RFID-EPC verifiers to authenticate the 
validity of the tags they scan. The authors show how to construct tag-to-verifier and verifier-to-tag authentication protocols.

The security analysis of the Digital Signature Transponder (DST) RFID tags is described in [3]. The authors present in detail a successful strategy for defeating the security of the RFID device known as the Digital Signature Transponder. The main conclusion of [3] is that the DST tags are no longer secure, due to the inadequately short key length of 40 bits. Note that it is possible to increase the computational security level by increasing the length of the key. Still, the resulting scheme will not be information theoretic secure but only computationally secure. Hence, it is of interest to design a proactive information theoretic secure scheme within a computationally secure scheme, as we do in the sequel.

We also detail a new way to use a watermarking technique to cope with IIMA even for the case in which there is only one message sent during a communication session (unlike [12, 8], where the exchange of three messages is required). The new scheme is based on expanding each message to be a codeword with error correcting bits, thus forcing an attacker to change at least a number of bits equal to the minimal Hamming distance between two codewords. In addition, watermark bits are produced by a pseudo-random sequence and inserted in the message at specific locations defined by pseudo-random sequences. The operations for producing watermarked messages are based only on xor operations and the usage of pseudo-random sequences, rather than on cryptographic hash functions. Note that one can use a symmetric authentication scheme to obtain mutual authentication of the Tag and the Verifier. The mutual authentication scheme allows the Verifier to produce random bits for the Tag as well. Obviously, the computational security "envelope" can be implemented for the symmetric version as well, resulting in a proactive computationally secure symmetric scheme. We present in detail the one sided authentication, for readability purposes.

Our contribution. Our goal in this paper is to design new algorithms for providing authentication for computationally limited basic RFID systems with a small amount of storage capability.

We propose a new security model that is information theoretic and computationally secure. The security of the basic and combined authentication protocols is provided by maintaining, at the Tag's and the Verifier's sides, an $n$-dimensional vector $ARV$. The appropriate vector entry is used as the secret key for performing the authentication procedure by the RFID Tag. The vector $ARV$ is updated by xor-ing its entries with the corresponding entries of a randomly chosen new $n$-dimensional vector at every communication session. Our work is mostly related to the schemes presented in [5] and filed as patent [7]. In this paper we present an equivalent solution that maintains only a vector of $n$ numbers instead of $O(n^2)$ numbers. In addition we present a new algorithm that uses randomization in order to reduce the communication during a session from $O(n)$ numbers to $O(\log n)$ numbers.

The basic information theoretic secure protocol AP1 is based on limited adversarial capabilities. The underlying assumption of this protocol is that the adversary is not listening in on at least one of each $n$ successive interactions between the Tag and the Verifier. In essence, the AP1 protocol extends the "minimalist" security model in [12] and the assumptions made in [18]. A further assumption of AP1 is that each communication session is atomic: the adversary cannot modify part of the communication in a session. The adversary may either listen in on the communication during a session, or try to communicate (on behalf of the RFID Tag) during an entire session. This is a common situation in the case of personal identification, when an adversary cannot be present when the user is. Compared with [12], our scheme is not based on an oracle which provides the number of sessions in which the adversary listened in following the last refresh. Our scheme works when we do not know explicitly in which session the adversary is not listening in. In other words, [12] needs to identify such a session in order to renew the security level in this session, while our scheme renews the security level without the need to identify such a particular secure session. Moreover, a security failure in a certain session does not bear on the successful operation of the next sessions, since our algorithms are proactive.

A proactive information theoretic security scheme is proposed. According to [4], proactive security provides a method for maintaining the overall security of a system, even when individual components are repeatedly broken into and controlled by an attacker. The automated recovery of security is provided by our scheme. The scheme is based on the assumption that the information exchanged during at least one of every $n$ successive communication sessions is not exposed to an adversary. The vector is refreshed by pairwise xor-ing its entries with a new vector of $n$ entries that is randomly chosen by the Tag and sent to the Verifier as a part of each communication session.

The general case in which the adversary does not listen in on $k > 1$ sessions among any $n$ successive communication sessions is also considered. We prove an $n \cdot (k+1)$ lower bound on the number of random numbers required when a deterministic version of our scheme is used. The lower bound is on the number of new random numbers used during any $n$ successive communication sessions. In other words, we prove that any deterministic algorithm will use at least $n \cdot (k+1)$ random numbers during any $n$ successive communication sessions. Then we present a randomized scheme that uses only a number of random numbers logarithmic in $n$ in each communication session, assuming the adversary does not listen in on a bounded fixed portion of any $n$ successive communication sessions.

The restriction imposed on the adversary is dropped in the combined proactive computationally secure protocol AP2, which operates successfully even if the adversary has gotten access to any number of successive interactions between the Tag and the Verifier. We extended AP2 to a version that does not rely on atomic sessions and is computationally resistant against active IIMAs. The proactive combined computationally secure protocol has several advantages.
Low computational cost combined with a high security level. Our algorithms continuously use a random number generator as a source for preserving the security level ([9]). Low computational power is required compared with standard cryptographic techniques like stream and block ciphers.
Protocols' robustness. Our proactive computationally secure protocol is not based on the refreshing procedure suggested in [12]. The refreshing procedure in [12] provides the complete initialization of the protocol's secure parameters, assuming there is an oracle that identifies sessions in which the adversary is not listening in; namely, the refresh is done via a secure channel. Our model provides a high computational security level by involving a trusted party only during initialization, without identifying a particular session as a secure session.
Functionality in the proactive mode. Any listening adversary's success and the consequent security failure of the protocol do not affect further functionality of the protocol. Recovery from a failure (assuming a non fatal effect of failures) is automatic. That is to say, assuming that no fatal damage is caused when the adversary reveals the clear text, future communication security is re-established.
Possibility of proactive information theoretic security within computational security. Our second protocol AP2 assumes that if the adversary was not listening in on at least one session among $n$ consecutive sessions between the RFID Tag and the RFID Verifier, the proposed protocol automatically becomes information theoretic as well as computationally secure, and therefore the original security level is re-established. Thus, an adversary that starts processing the communication information in order to break the computational security based scheme will have to start from scratch after any session the adversary did not listen in on. This fact can be used, in turn, to reduce the number of random bits used relative to an only computationally secure scheme. Assume that there is some probability that a value $n$ is the correct number of sessions for which the adversary does not listen in on at least one session. Assume further that there is a larger definite upper bound, $n' > n$, that may depend on a stricter consideration (say, battery lifetime). In such a case it is possible to tune the computational security level of AP2 to fit the need to secure the sessions in which the protocol is not information theoretic secure, taking into account the probability that the adversary will indeed be present in $n'$ (or fewer) successive sessions.

High level of computational resistance against active IIMAs. Security against IIMAs of the updated AP2 is achieved by means of the low cost xor-based techniques of redundant coding [17] and digital watermarking [2]. The techniques used by the updated AP2 loosen the assumption on the atomicity of any session. A protocol that is resistant to IIMAs is proposed in [12]. The protocol is based on a three-way mutual authentication procedure between the RFID Tag and the RFID Verifier. The protocol's computational security is achieved by means of one-time pads that encapsulate the secret keys, and by constantly updating the keys in each communication session. Another such protocol that is based on three message exchanges in each session is proposed in [8]. This protocol is provably secure based on the hardness of the Learning Parity in the Presence of Noise problem. Compared with [12] and [8], our AP2 protocol can be used for one way authentication with only one message exchange per session, or for two-way authentication using two messages. Thus, our scheme is also applicable in the cases in which the RFID Verifier does not send messages to the RFID Tag.

We believe that our protocols are useful in several domains including remote 
keys, e.g., automobile security system, in particular the mutual authentication 
versions of our protocols. 

Paper organization. The formal system description appears in Section 2. The basic information theoretic secure protocol AP1 is introduced in Section 3. The case in which the adversary does not listen in on $k > 1$ sessions of any $n$ successive sessions is investigated in Section 4. The combined computationally secure protocol AP2 is described in Section 5. The improved AP2 protocol, resistant against the Intruder-in-the-Middle Attack, is introduced in Section 6. The Conclusions in Section 7 complete the paper.
2 Security Model for RFID Tags 

We consider the (RFID) Tag and the (RFID) Verifier. The Tag and the Verifier communicate by sending and receiving messages according to their predefined programs, which together form a communication protocol. We denote the $i$-th message sent by the Tag and by the Verifier as $s_i$ and $r_i$, respectively. The sequence of alternating messages $M = s_1, r_1, s_2, r_2, \ldots$ sent during the course of the protocol execution can be divided into non overlapping subsequences, so that each subsequence $S_k = s_{i_k}, r_{i_k}$ is called a communication session. The union of the communication sessions forms the entire sequence of messages $M$. Each $S_k$ starts with a message sent by the Tag and ends when the Verifier decides to send a message $r_{i_k}$ = Open or $r_{i_k}$ = DoNotOpen. In fact, the Open message can be viewed as an electrical signal to the door of the car. Any message $s_k$ sent by the RFID Tag is defined as a key message. The Open message represents a change in the state of the Verifier which corresponds to authenticating the Tag as one that may enter to use a resource.

We assume a Byzantine adversary that listens in on part or all of the sequence $M$ and may try to send complete messages on behalf of the Tag. The goal of the adversary is either making the Verifier send the message $r$ = Open, or driving the Verifier into a state after which the Verifier will never again send the message $r$ = Open to the Tag. Given the features of the proposed model, we describe basic and combined authentication protocols. The first, basic authentication protocol AP1 is the proactive information theoretic secure protocol. The information theoretic security of this protocol is provided by the assumption that within any $n$ consecutive communication sessions $S_{i_1}, \ldots, S_{i_n}$ there is at least one message $s_{i_k}$ sent by the RFID Tag which the adversary is not aware of. The strict limitation imposed on the adversary is relaxed in the combined computationally secure protocol AP2. The security of the AP1 and AP2 protocols is based on random number generation and on updating the shared state at each communication session. AP1 and AP2 are introduced and analyzed in the next sections.

3 Proactive Information Theoretic Secure Protocol 

The proactive information theoretic secure protocol AP1 is described in Figure 1. Denote the accumulated random vector as $ARV[1..n]$ and the last random vector that updates $ARV$ during the $i$-th communication session as $LRV^i[1..n]$.

At the initialization stage the Tag and the Verifier both get the same unique vector $ARV[1..n]$ (lines 1-2). In order to perform the authentication procedure, the Tag starts the communication session and passes to the Verifier the key message $s_1 = (ARV[n], LRV^1[1..n])$ (lines 6-8, Protocol for RFID Tag).

After transmitting the first key message $s_1$, the Tag and the Verifier, respectively, initialize $ARV[n]$ to zero and update the vector $ARV[1..n]$ by calculating the xor of each entry with the corresponding entry of $LRV^1[1..n]$.

During the next authentication session the Tag and the Verifier repeat the same procedure: the Tag generates a new random $n$-dimensional vector $LRV^2[1..n]$, and sends the newly generated key message $s_2 = (ARV[n-1], LRV^2[1..n])$, where the value in $ARV[n-1]$ serves as the key. Then the new accumulated random vector $ARV[1..n]$ is equal to the xor of the accumulated random vector used at the previous communication session (with the used entry $ARV[n-1]$ set to zero) with the newly generated random vector $LRV^2[1..n]$.

The Verifier generates the response message $r_2$ as either Open or DoNotOpen (lines 8, 10).

The authentication procedure is repeated continually, scanning the entries of $ARV[1..n]$ one after the other and updating them by initializing the last sent entry to 0 and calculating the xor of each entry with the corresponding entry of the newly generated random vector. After each $i$-th authentication success both the Tag and the Verifier, respectively, initialize the entry of $ARV[1..n]$ used in the $i$-th authentication session to 0. The vector $ARV[1..n]$ is then updated by calculating the xor of each entry with the corresponding entry of the vector $LRV^i[1..n]$. Note that $LRV^i[1..n]$ has been randomly generated by the Tag and sent to the Verifier in the message $s_i$. The updating procedure, including the xor of the corresponding $ARV[1..n]$ entries, is described in lines u1-u5.

In order to confirm the correct authentication, the RFID Verifier executes the authentication procedure in the following manner: upon receiving the key message $s_i = (ARV[n-(i-1)], LRV^i[1..n])$ the Verifier checks that the received key value equals its own $(n-(i-1)) \bmod n$-th entry of $ARV$ (with index 0 read as $n$). If so, the Verifier confirms the correct authentication, "transmits" to the Tag the message $r_i$ = Open and updates the vector $ARV[1..n]$ (lines 4-9, Protocol for RFID Verifier). Otherwise, the Verifier "transmits" to the Tag the message $r_i$ = DoNotOpen and does not update the vector $ARV[1..n]$.
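The exchange just described, as an added example that is not part of the paper: a Python model of AP1 in which a Tag and a Verifier share $ARV[1..n]$ with $l$-bit entries, the Tag sends $s_i = (ARV[n-(i-1)], LRV^i[1..n])$, and both sides run the updating procedure u1-u5. The class and function names (Tag, Verifier, key_index, run_sessions, replay_attack) are this example's own, and so is the replay scenario it ends with: an adversary who recorded $s_1$ resends it $n$ sessions later, when the same vector entry is again the key.

```python
import secrets

OPEN, DO_NOT_OPEN = "Open", "DoNotOpen"


def key_index(i, n):
    """0-based index of the ARV entry that is the key in session i (1-based).

    The paper walks the vector downwards: entry n in session 1, n-1 in
    session 2, ..., i.e. entry (n - (i - 1)) mod n with 0 read as n."""
    return (n - i) % n


class Party:
    """State common to Tag and Verifier: ARV[1..n] (stored 0-based) with
    l-bit entries and the session counter i.  `update` is lines u1-u5."""

    def __init__(self, arv, l):
        self.arv = list(arv)
        self.n = len(arv)
        self.l = l
        self.i = 1

    def update(self, lrv):
        self.arv[key_index(self.i, self.n)] = 0   # u1-u2: zero the used key entry
        for j in range(self.n):                  # u3-u4: fold in LRV^i
            self.arv[j] ^= lrv[j]
        self.i += 1                              # u5


class Tag(Party):
    def key_message(self):
        """s_i = (ARV[n-(i-1)], LRV^i[1..n]); the Tag refreshes right after sending."""
        lrv = tuple(secrets.randbits(self.l) for _ in range(self.n))
        msg = (self.arv[key_index(self.i, self.n)], lrv)
        self.update(lrv)
        return msg


class Verifier(Party):
    def receive(self, msg):
        """Open iff the received key equals the expected entry; the vector is
        refreshed only on Open, so a rejected forgery leaves the pair in sync."""
        key, lrv = msg
        if len(lrv) != self.n or key != self.arv[key_index(self.i, self.n)]:
            return DO_NOT_OPEN
        self.update(lrv)
        return OPEN


def init_pair(n, l):
    """Initialisation stage: both sides receive the same secret ARV."""
    arv = [secrets.randbits(l) for _ in range(n)]
    return Tag(arv, l), Verifier(arv, l)


def run_sessions(tag, verifier, count):
    """`count` honest sessions; returns the Verifier's responses."""
    return [verifier.receive(tag.key_message()) for _ in range(count)]


def replay_attack(n=4, l=64):
    """Adversary records s_1 and replays it in session n+1, when the same entry
    is the key again.  Returns (response to s_1, response to the replay,
    response to the Tag's next genuine message, whether both sides still
    hold the same ARV)."""
    tag, verifier = init_pair(n, l)
    recorded = tag.key_message()                 # eavesdropped s_1
    first = verifier.receive(recorded)
    run_sessions(tag, verifier, n - 1)           # sessions 2 .. n
    replayed = verifier.receive(recorded)        # that entry was zeroed and refreshed n times
    genuine = verifier.receive(tag.key_message())
    return first, replayed, genuine, tag.arv == verifier.arv


if __name__ == "__main__":
    t, v = init_pair(4, 64)
    print(run_sessions(t, v, 9))   # nine Opens, wrapping around the vector twice
    print(replay_attack())         # ('Open', 'DoNotOpen', 'Open', True)
```

The Tag refreshes its vector right after sending, exactly as the figure prescribes, so the Verifier must refresh only on Open: a rejected message leaves both sides in step, which is what replay_attack checks last. With 64-bit entries the replayed key matches the refreshed entry with probability $2^{-64}$, the $2^{-l}$ bound of Section 3.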

Assume that during the course of executing AP1 the following condition is satisfied for the sequence of alternating messages $M = s_1, r_1, s_2, r_2, \ldots$: in any $n$ successive sessions between the Tag and the Verifier there is at least a single message $s_{j_k}$ not captured by the adversary. Assume that in order to break the security system of the RFID Verifier, the adversary performs the authentication procedure on behalf of the RFID Tag. To do so in a communication session $S_j$ the adversary has to forge the key message $s_j$, namely, to correctly guess the value of the corresponding $(n-(j-1)) \bmod n$-th entry of $ARV[1..n]$.

Assume that the single key unknown to the adversary is the $n$-th entry of $ARV[1..n]$, namely $ARV[n]$, and the corresponding vector is $LRV^1[1..n]$ that has been sent by the Tag in the message $s_1 = (ARV[n], LRV^1[1..n])$ during the first communication session.

After transmitting the first key message $s_1$ the Tag and the Verifier update the vector $ARV[1..n]$ according to the updating procedure described in lines u1-u5.

Fig. 1: Proactive Information Theoretic Secure Protocol AP1. [Figure: the pseudocode of the Tag's and the Verifier's programs; only the updating procedure, which is identical on both sides, survives the extraction:]

Updating procedure (after the end of key message transmission / reception):
u1-u2: ARV[keyentry] := 0
u3: for all j, 1 ≤ j ≤ n
u4: ARV[j] := ARV[j] ⊕ LRV[j]
u5: i := i + 1

Note that in the next session the Tag will send to the Verifier the updated $(n-1)$-th entry of $ARV$, which is equal to the $ARV[n-1]$ used in the previous communication session xor-ed with the $(n-1)$-th entry of the last randomly generated vector, $LRV^1[n-1]$.

Now the vector $ARV[1..n]$ is equal to the previous one, with the entry $ARV[n-1]$ initialized to 0, xor-ed with the vector $LRV^2[1..n]$. The updating of the vector $ARV[1..n]$ is done by the Tag and the Verifier in each successful communication session.

The AP1 authentication protocol is information theoretic secure. This means that the probability that the adversary will forge the key message and successfully perform the communication session on behalf of the RFID Tag is $2^{-l}$, which is negligible for a long enough $l$, where $l$ is the number of bits of an entry in the vector $ARV$.

The following theorem proves that the introduced protocol is information theoretic secure.

Theorem 1. The AP1 protocol is information theoretic secure with a security parameter $l$ that is related to the number of bits in a key message, and proactive, under the following assumptions:

(i) The information exchanged during at least one of every n successive commu- 
nication sessions is not exposed to an adversary; 

(ii) Each session is atomic. 
Proof: The information theoretic security of AP1 is based on the fact that at any authentication step $i$ the following conditions hold: (a) the RFID Tag and the RFID Verifier maintain the same vector $ARV[1..n]$; (b) the Tag and the Verifier are synchronized, in the sense that both perform the authentication procedure using as the key the same $(n-(i-1)) \bmod n$-th entry; (c) the vector $ARV[1..n]$ shared by the Tag and the Verifier contains at least one entry unknown to the adversary.

The proof continues by induction over the session number i. 
Basis of induction i = 1: 

(a) As mentioned above, the first key message $s_1 = (ARV[n], LRV^1)$ at the first communication session $S_1$ contains $ARV[n]$, which is unknown to the adversary. Evidently, the Tag and the Verifier maintain the same vector $ARV[1..n]$, defined at the initialization stage when the adversary was not present.

(b) The Tag and the Verifier are synchronized because the first key message that the Tag sends to the Verifier and that the Verifier expects to receive is $ARV[n]$, the $n$-th entry of the vector $ARV[1..n]$.

(c) Due to the initialization procedure, the vector $ARV[1..n]$ granted to both the Tag and the Verifier is entirely unknown to the adversary.

Induction step: (a) Assume that during the first $i$ communication sessions the Tag and the Verifier maintain the same vector $ARV[1..n]$. Then the vector $ARV[1..n]$ shared by the Tag and the Verifier during the next, $(i+1)$-th, communication session differs from the previous one by initializing the used $(n-(i-1)) \bmod n$-th entry of $ARV[1..n]$ to 0 and xor-ing each entry of $ARV[1..n]$ with the corresponding entry of the vector $LRV^i$ that was sent to the Verifier in the $i$-th communication session. Both sides apply the same procedure to the same inputs, so they still agree.

(b) Assume that during the $i$-th communication session the Tag and the Verifier agree that entry number $(n-(i-1)) \bmod n$ of $ARV[1..n]$ is the basis for constructing the key message. Then, at the next, $(i+1)$-th, communication session the entry number is reduced by 1 modulo $n$. As a result, the basis for constructing the key message at the Tag's and the Verifier's sides, respectively, is the same entry $(n-i) \bmod n$ of $ARV$.

(c) For $i \le n$, the entries of $ARV$ not yet used as keys during the communication sessions $S_1, \ldots, S_i$ still carry their initial values, which are unknown to the adversary due to the initialization procedure performed by the Tag and the Verifier, respectively. For any $i > n$, the condition that in each $i$-th communication session $ARV[1..n]$ contains an entry unknown to the adversary also holds. It is based on the assumption that among any $n$ successive communication sessions there is at least one session on which the adversary was not eavesdropping.

Let us prove the information theoretic property of AP1. Assume that among the $n$ successive communication sessions $S_i, S_{i+1}, \ldots, S_{i+n-1}$ the adversary was not listening in on a certain session $S_{i+k}$. In order to perform the authentication procedure on behalf of the Tag during any insecure communication session $S_{i+k+j}$ among the $n-1$ following insecure sessions $S_{i+k+1}, S_{i+k+2}, \ldots, S_{i+k+n-1}$, the adversary has to correctly guess the corresponding entry of the vector $LRV^{i+k}[1..n]$ that securely refreshed $ARV[1..n]$ of the Tag and the Verifier, respectively, during $S_{i+k}$. Assuming the uniform distribution of the bits in the entry, the probability that the adversary will correctly guess that entry is $2^{-l}$, where $l$ is the number of bits in the entry.

The proactive property of AP1 is proven in the following way. Assume that the adversary has gotten access to the whole vector $ARV[1..n]$. Assume that in the $j$-th communication session $S_j$ that follows this security failure, the adversary was not listening in on the message $s_j$ sent by the RFID Tag. Then, during each of the following sessions $S_{j+i}$, $i \ge 1$, every entry of $ARV[1..n]$ has been xor-ed with the corresponding entry of $LRV^j$, which the adversary did not observe. Therefore, the basic condition, that within $n$ consecutive messages sent from the Tag to the Verifier there is at least a single message unknown to the adversary, is restored. As a result, the information theoretic security of AP1 is regained.

Assume that the adversary attempts to drive the RFID Verifier to a deadlock state after which the Tag will not be able to cause the Verifier to send the message $r$ = Open. Due to the session atomicity assumption, in order to do so the adversary must corrupt the vector $ARV$, say, by inserting a new value in an $ARV$ entry on behalf of the RFID Tag. Nevertheless, the adversary will fail in this attempt, because in order to insert a new entry in the vector $ARV$ the adversary has to authenticate on behalf of the RFID Tag: the message $s_j$ that the adversary has to send to the Verifier must include the correct $ARV$ entry, and a rejected message does not change the Verifier's state.

■ 

In fact, AP1 has two parameters. The first parameter is the size n of the vector 
ARV. The larger n is, the weaker the assumption about the adversary. The price 
paid for a large n is the additional memory used in the restricted memory of the 
RFID devices. The second security parameter is the number of bits l of an entry 
in ARV. The longer the entries of ARV are, the smaller the probability that the 
adversary guesses the correct key. 

Note that when the assumption that the adversary does not listen in at least one 
session out of every n successive sessions is violated, the adversary can drive 
the system into a deadlock by, say, replacing entries of ARV with entries unknown 
to the Verifier. 
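The argument above (one private session out of every n, key entry n − (i − 1) mod n, refresh by xor with LRV^i, and rejection without a state change) can be exercised in a small simulation. The following Python script is an added illustration and not code from the paper: it implements the AP1 message and refresh rule under the conventions stated in its comments (0-based indices, the Tag refreshing as it sends, the Verifier refreshing only after a successful check), and lets an adversary who has stolen the entire initial ARV eavesdrop on every session except one. The adversary's predicted key is compared with the Verifier's expected key before each session, and a forged message is then submitted to check that the Verifier rejects it without corrupting its state.

```python
import secrets


def key_index(i, n):
    """0-based index of the ARV entry that authenticates session i (i = 1, 2, ...),
    i.e. the paper's 1-based key entry n - (i-1) mod n."""
    return n - ((i - 1) % n) - 1


def xor_vec(a, b):
    return [x ^ y for x, y in zip(a, b)]


class Tag:
    def __init__(self, arv, l):
        self.arv, self.l, self.i = list(arv), l, 0

    def session_message(self):
        """s_i = (ARV[key entry], LRV^i); afterwards ARV := ARV xor LRV^i (assumed ordering)."""
        self.i += 1
        n = len(self.arv)
        lrv = [secrets.randbits(self.l) for _ in range(n)]
        key = self.arv[key_index(self.i, n)]
        self.arv = xor_vec(self.arv, lrv)
        return key, lrv


class Verifier:
    def __init__(self, arv):
        self.arv, self.i = list(arv), 0

    def handle(self, msg):
        key, lrv = msg
        n = len(self.arv)
        if key != self.arv[key_index(self.i + 1, n)]:
            return "DoNotOpen"        # state untouched, so a forged s_i cannot cause deadlock
        self.i += 1
        self.arv = xor_vec(self.arv, lrv)
        return "Open"


class Adversary:
    """Has stolen the whole initial ARV and eavesdrops on every session except `private`."""

    def __init__(self, stolen_arv, private):
        self.view, self.private = list(stolen_arv), private

    def observe(self, i, msg):
        if i != self.private:                 # in the private session LRV^i is never seen
            self.view = xor_vec(self.view, msg[1])

    def forged_key(self, i, n):
        return self.view[key_index(i, n)]


def run(n=8, l=32, private=3, sessions=6):
    """Constructed scenario: compromise at session 0, one private session, then a forgery."""
    arv0 = [secrets.randbits(l) for _ in range(n)]
    tag, ver, adv = Tag(arv0, l), Verifier(arv0), Adversary(arv0, private)
    can_forge, replies = [], []
    for i in range(1, sessions + 1):
        # Would the adversary's key be accepted if it authenticated as the Tag in session i?
        can_forge.append(adv.forged_key(i, n) == ver.arv[key_index(i, n)])
        msg = tag.session_message()
        adv.observe(i, msg)
        replies.append(ver.handle(msg))
    # A forged message built from the stale view is rejected and the Verifier's ARV is
    # left intact, so the genuine Tag still authenticates in the next session.
    rejected = ver.handle((adv.forged_key(sessions + 1, n), [0] * n))
    recovered = ver.handle(tag.session_message())
    return can_forge, replies, rejected, recovered
```

With l = 32 the adversary's key after the private session matches the Verifier's only with probability 2^{-32}, the 2^{-l} of the proof; before that session every forgery would succeed, which is why a compromise must be followed by a private session to regain security. The rejected forgery leaves the Verifier's ARV and session counter unchanged, so the genuine next session still opens: that is the no-deadlock property the proof derives from session atomicity.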

4 Generalizing the Private Sessions Definition 

This section generalizes the 1-out-of-n private communication session assumption. 
Consider the cases in which k > 1 out of n successive sessions are private, namely 
the adversary is not listening in k out of any n successive sessions. In such cases 
the number of random numbers sent in each communication session may be 
reduced. First we prove a lower bound on the total number of random numbers 
that must be sent during n successive sessions. 

For proving a lower bound on the number of random numbers that must be 
sent during n successive sessions, consider schemes in which the vector entries 
to be refreshed by random numbers are specified by a deterministic function. A 
vector entry is refreshed by xor-ing a new random number into the current entry 
or by assigning a random number to the entry. We show that at least n · (n − k + 1) 
new random numbers must be used during any n successive communication sessions. 

Consider any n successive communication sessions. There are n − k sessions 
in which the adversary may listen in. Since we assume that the adversary knows 
the scheme, and hence which entries are refreshed in which session, the scheme 
must introduce at least n − k + 1 refreshes of each vector entry between any two 
successive usages of that entry: with fewer refreshes the adversary could listen in 
to every session that refreshes the entry. Thus the total number of refreshes in 
n successive sessions is at least n · (n − k + 1), which implies n − k + 1 or more 
refreshes per session on average. 

The above lower bound is based on deterministic choices of a refresh sequence 
that is known to the adversary. In fact, it is possible to use a randomized scheme, 
in which the vector entries to be refreshed by random numbers are chosen at 
random. Assume that the adversary does not know the identity of the randomly 
chosen vector entries that are refreshed during the communication sessions the 
adversary is not listening in. We show that it is possible to send only 
(2n/k) log n random numbers in each session. Thus, for a given (say, bounded 
by a constant) private communication fraction pcf = n/k, the number of 
random numbers that need to be sent in n successive communication sessions 
is reduced from n · (n − n/pcf + 1) to 2n · pcf · log n. Note that when pcf is a 
constant these numbers are O(n^2) and O(n log n), respectively. 

The randomized scheme chooses in each communication session (2n/k) log n vector 
entries and sends (2n/k) log n random numbers to be xor-ed with the corresponding 
vector entries, sending the indices of the chosen vector entries as well. We show 
that each entry is refreshed with high probability during the k private 
communication sessions that immediately precede its use. 

We now show that the probability that at least one refresh of each vector 
entry takes place is close to 1. The probability that a certain entry is not 
refreshed during the k private sessions is less than (1 − 1/n)^{2n log n}, where log 
denotes the natural logarithm (the inequality is due to the fact that during one 
communication session no vector entry is refreshed twice, so the k · (2n/k) log n = 
2n log n choices miss a given entry with lower probability than 2n log n independent 
uniform choices would). Given that (1 − 1/n)^{2n log n} < e^{−2 log n} = 1/n^2, the 
probability that all vector entries are refreshed is greater than 
1 − Σ_{i=1}^{n} 1/n^2 = 1 − 1/n. 
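The two per-session counts above, the deterministic n − k + 1 and the randomized (2n/k) log n, together with the 1/n failure bound, can be checked numerically. The script below is an added example and not part of the paper. It takes log as the natural logarithm (as the step e^{−2 log n} requires), samples the refreshed indices without replacement within a session (no entry is refreshed twice in one session), and calls a window of n sessions secure when all n entries receive at least one refresh in its k private sessions. The values n = 64, k = 16 are a constructed choice that keeps (2n/k) log n below n; for smaller k the per-session count reaches n and the scheme degenerates to refreshing every entry in every session.

```python
import math
import random


def refreshes_per_session(n, k):
    """Refreshes sent per session: the deterministic lower bound n - k + 1 versus the
    randomized scheme's (2n/k) ln n (capped at n, since no entry is refreshed twice
    in one session)."""
    deterministic = n - k + 1
    randomized = min(n, math.ceil((2 * n / k) * math.log(n)))
    return deterministic, randomized


def per_entry_miss_bound(n):
    """Both sides of the inequality (1 - 1/n)^(2n ln n) < e^(-2 ln n) = 1/n^2."""
    return (1 - 1 / n) ** (2 * n * math.log(n)), 1 / n ** 2


def private_session_refreshes(n, k, rng):
    """Indices refreshed in one private session: r distinct entries chosen at random.
    Their identities are exactly what the adversary does not learn."""
    _, r = refreshes_per_session(n, k)
    return rng.sample(range(n), r)


def window_is_secure(n, k, rng):
    """True iff every entry is refreshed in at least one of the k private sessions of
    a window of n sessions, so every key entry used afterwards had a private refresh."""
    covered = set()
    for _ in range(k):
        covered.update(private_session_refreshes(n, k, rng))
    return len(covered) == n


def estimate_failure(n, k, trials=2000, seed=1):
    """Empirical probability that some entry is never privately refreshed in a window,
    returned next to the paper's union bound 1/n."""
    rng = random.Random(seed)
    failures = sum(not window_is_secure(n, k, rng) for _ in range(trials))
    return failures / trials, 1 / n
```

For n = 64 and k = 16 the randomized scheme sends 34 random numbers per session against the 49 required by any deterministic schedule, and the per-entry miss probability (30/64)^{16} is so small that essentially no window of the simulation fails, well inside the 1/n bound. The bound is loose because it charges 1/n^2 per entry and then sums over all n entries; the simulation shows the actual margin.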

5 Combined Computational Secure Protocol 

We now allow the adversary to listen in any session between the RFID Tag and 
the RFID Verifier. Our purpose is to enhance the basic proactive information 
theoretic secure protocol AP1. 

As in the AP1 case, both the Tag and the Verifier get the initial n-dimensional 
vector ARV in the initialization stage (Figure 2, lines 1-4). In addition, a small 
number (much less than 2^k) of different k-bit command keywords are granted to the 
RFID Tag and the RFID Verifier, respectively. These commands are executed 
by the Verifier upon Tag authentication. In the sequel, when no confusion 
is possible, the keyword used in this paper is Open; the DoNotOpen keyword is 
used to refer to the situation in which the keyword is not a valid command. 

Fig. 2: Proactive Computational Secure Protocol AP2. 

During the first authentication session the Tag executes the following encryption 
procedure. A new vector row LRV[1..n] is created as in the proactive information 
theoretic secure protocol. The n-th entry of ARV, ARV[n], is used as a seed for 
the generation of a pseudo-random sequence prs of length m = n · l + k, where k is 
the keyword length and l is the length in bits of each ARV entry. See [2], 
Chapter 12, for possible choices of the pseudo-random number generation 
mechanism. 

The Tag creates a new vector row Y to be sent to the Verifier in the first 
authentication message. Y equals the xor of the previously generated pseudo-random 
sequence prs with the vector LRV^1 concatenated with the keyword: 
Y_1 = prs ⊕ (LRV^1 || keyword) (Figure 2, lines 5-12). This provides the secure 
encapsulation of the information. The first key message sent from the Tag to 
the Verifier during the first communication session is s_1 = Y (Figure 2, Protocol 
for RFID Tag, line 13). It is assumed that both the Tag and the Verifier know 
the pseudo-random procedure that produces prs. 

Upon receiving the message s_1 = Y, the Verifier decrypts s_1 by calculating 
Y ⊕ prs. If the decrypted suffix of the string equals the predefined string 
keyword, the Verifier authenticates the Tag and returns the message r_1 = Open to 
the Tag. The update of the vector ARV is provided by the prefix of the decrypted 
string, as in the basic information theoretic secure protocol. Otherwise, the 
message r_1 = DoNotOpen is sent to the Tag (lines 5-16, RFID Verifier). The 
update procedure is described in lines u1-u4. 

During any i-th authentication session S_i, i = 1, 2, ..., the message s_i sent by 
the Tag equals the xor of the pseudo-random sequence prs with the newly generated 
random vector LRV^i, which updates the i-th stage accumulated random vector ARV, 
concatenated with the keyword string. Here prs is the pseudo-random sequence 
generated from the seed, which is updated in each session as seed := X[keyentry] ⊕ seed, 
where X[keyentry] is the current value of the key entry of ARV, 
keyentry = n − (i − 1) mod n, and the initial seed value is zero. It should be noted 
that the keyword and the one-way function that generates the pseudo-random 
numbers can be known to the adversary. The computational security of the designed 
AP2 protocol is provided by the secret seed derived in each session. Moreover, the 
recursive reuse of the seeds of the previous communication sessions enhances the 
security of AP2: a seed from a session the adversary never listened in propagates 
into every later seed. 

In fact, the seed X[1] used in the first communication session S_1 is unknown to 
the adversary, since the adversary was not present at the initialization stage 
and the initial entries of ARV are therefore not available to the adversary. The 
seed is updated in every communication session. Hence, the adversary does not get 
enough time to recover the secret seeds by observing the transmitted messages. 
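A compact model of the AP2 session, added here for illustration; it is not taken from the paper or from its Figure 2. The pseudo-random sequence prs is produced by SHA-256 in counter mode over the seed (an assumed stand-in for the generator the paper leaves to [2]); the seed is chained as seed := ARV[keyentry] ⊕ seed with seed_0 = 0 and is read from ARV before the session's refresh on both sides (an assumed ordering); entries are l = 32 bits and the keyword is the 4-byte string Open. The Verifier rolls its seed and counter back when the keyword check fails, so a replayed or garbled message does not desynchronise the two parties.

```python
import hashlib
import secrets


def prg(seed: int, nbytes: int) -> bytes:
    """Assumed PRG (stand-in for the paper's one-way-function generator):
    SHA-256 in counter mode over the 32-byte encoding of the seed."""
    out = b""
    for ctr in range((nbytes + 31) // 32):
        out += hashlib.sha256(seed.to_bytes(32, "big") + ctr.to_bytes(4, "big")).digest()
    return out[:nbytes]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class AP2Party:
    def __init__(self, arv, l_bytes, keyword):
        self.arv, self.lb, self.kw = list(arv), l_bytes, keyword
        self.seed, self.i = 0, 0          # seed_0 = 0, no session completed yet

    def next_seed(self):
        """seed_i = ARV[keyentry] xor seed_{i-1}, keyentry = n - (i-1) mod n (1-based)."""
        n = len(self.arv)
        self.i += 1
        self.seed ^= self.arv[n - ((self.i - 1) % n) - 1]
        return self.seed

    def refresh(self, lrv):
        self.arv = [a ^ r for a, r in zip(self.arv, lrv)]


class AP2Tag(AP2Party):
    def session_message(self) -> bytes:
        """Y_i = prs xor (LRV^i || keyword), with prs of m = n*l + k bits."""
        lrv = [secrets.randbits(8 * self.lb) for _ in self.arv]
        plain = b"".join(v.to_bytes(self.lb, "big") for v in lrv) + self.kw
        y = xor_bytes(prg(self.next_seed(), len(plain)), plain)
        self.refresh(lrv)
        return y


class AP2Verifier(AP2Party):
    def handle(self, y: bytes) -> str:
        saved = (self.seed, self.i)
        plain = xor_bytes(prg(self.next_seed(), len(y)), y)
        if plain[-len(self.kw):] != self.kw:
            self.seed, self.i = saved     # roll back: a bad message must not desynchronise
            return "DoNotOpen"
        n = len(self.arv)
        lrv = [int.from_bytes(plain[j * self.lb:(j + 1) * self.lb], "big") for j in range(n)]
        self.refresh(lrv)                 # prefix of the decrypted string updates ARV
        return "Open"


def demo(n=8, l_bytes=4, keyword=b"Open"):
    """Constructed run: a genuine session, a replay of its message, then a genuine session."""
    arv0 = [secrets.randbits(8 * l_bytes) for _ in range(n)]
    tag, ver = AP2Tag(arv0, l_bytes, keyword), AP2Verifier(arv0, l_bytes, keyword)
    y1 = tag.session_message()
    r1 = ver.handle(y1)          # genuine session 1
    replay = ver.handle(y1)      # eavesdropper replays Y_1: the pad of session 2 differs
    y2 = tag.session_message()
    r2 = ver.handle(y2)          # genuine session 2 still succeeds after the replay
    return len(y1), r1, replay, r2
```

The replayed Y_1 is decrypted with the session-2 pad, so its keyword suffix matches only with probability 2^{-32} for a 4-byte keyword, and the roll-back keeps the Verifier aligned with the Tag for the real session 2. An adversary holding the whole ARV can compute every seed in this model, which is the compromise case the proactive argument below addresses.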

In essence, the encryption scheme is based on message encapsulation by means of 
the One Time Pad technique (e.g., [16]), where the pads are created by a 
pseudo-random sequence using a secret seed defined by the updating procedure of 
the vector ARV. The following theorem proves the correctness of AP2. 

Theorem 2 The AP2 protocol is proactive computationally secure under the 
assumption that each communication session is atomic. The security parameters 
are given by the one-way function used to produce the pseudo-random sequence 
and by the seed length. 

Proof: Assume that the adversary is listening in all communication sessions 
S_{i_1}, ..., S_{i_n} between the Tag and the Verifier. Even though the one-way function 
f which generates the pseudo-random sequence is available to the adversary, 
calculating its inverse f^{-1} is computationally infeasible. Hence, correctly 
predicting the seed and the corresponding pseudo-random sequence c for the next 
communication session S_{i_{n+1}}, which the adversary wishes to produce in order to 
break the security system, is computationally infeasible. The probability of 
adversarial success is determined by the probability of inverting the function f. 

The Verifier confirms the Tag authentication at each i-th communication session 
by recovering the keyword string from the decrypted received message s_i. 
If the decrypted keyword string is correct, the Verifier accepts the Tag's 
authentication. 

We now prove the proactive feature of AP2. Assume that the adversary has 
successfully broken the security system and has gained access to the whole vector 
ARV. Hence, the adversary can correctly calculate the seeds to be used in the 
following sessions. However, after the first session in which the adversary 
is not present, AP2 satisfies the conditions of the information theoretic secure 
protocol AP1. As a result, the information theoretic and computational security 
features are restored. 

■ 

The parameters of AP2 that define the pseudo-random sequence length are 
the number of entries of ARV, n, the number of bits of an entry in ARV, l, and 
the keyword length, k. 

Note that it is possible to use the pseudo-random sequence only once in every 
n successive sessions, reducing the processing required in the remaining n − 1 out 
of n sessions. One may view the session that uses the pseudo-random sequence as 
a computational way to ensure that the adversary does not listen in (or is not able 
to decrypt the communication) in at least one session out of every n successive sessions. 

6 Resistance Against Intruder-in-the-Middle Attack 

In this section we upgrade the computationally secure protocol AP2 in order 
to be able to cope with the Intruder-in-the-Middle Attack (IIMA), see e.g. [16]. 
This type of attack is possible when the intruder captures the encrypted 
messages sent by the RFID Tag to the RFID Verifier and replaces them with 
modified versions. Such an IIMA may drive the protocol to a deadlock state. We 
relax the assumption concerning the atomicity of each communication session, 
coping with an adversary who succeeds in performing an IIMA that may immediately 
lead the RFID Tag to change the basic vector ARV. 

16 Shlomi Dolev, Marina Kopeetsky and Adi Shamir 

As a result, the Verifier enters a deadlock state after which it will be unable to 
send the message Open. In order to strengthen the AP2 protocol against the 
IIMA we propose to use digital watermarking [5] and redundant coding [17]. 
Note that we do not use any cryptographic hash function as in the Message 
Authentication Code (MAC) schemes such as [16]. The extended AP2 protocol, 
computationally resistant against IIMA, is defined in the following way. As in the 
AP2 case the encryption key is derived from the basic vector ARV. The seed 
X_j, calculated from the corresponding vector entry and from the seeds used in 
the previous sessions, is now divided into four independent seeds X_j^1, X_j^2, X_j^3 
and X_j^4. Each seed X_j^k, k = 1, ..., 4, generates a corresponding pseudo-random 
sequence c^{jk}. The RFID Tag implements the following encryption scheme: 

Let m be the total length in bits of the encapsulated encrypted message s_j 
of AP2, where m = nl + k as defined in Section 5; let v be the total number 
of watermarks w_1, ..., w_v added to s_j; let d_min be the Hamming distance of 
the error detection code used; and let q be the number of redundant bits 
r_1, ..., r_q used to extend the bits of the message defined by AP2 to form a legal 
codeword. The total length of the key message Y_j sent during any j-th 
communication session is t = m + q + v. The resulting t-bit message is 
sent during the j-th authentication session. s_j has the following structure: 

Y_j = π_{X_j^4}( ((LRV^j || keyword) ⊕ (c_1^{j1}, ..., c_m^{j1})) || ((r_1, ..., r_q) ⊕ (c_1^{j2}, ..., c_q^{j2})) || (w_1, ..., w_v) ). 

Here π_{X_j^4} denotes the pseudo-random permutation applied to the concatenated 
string in parentheses. 

The pseudo-random sequence c^{j1} encapsulates the newly generated random 
string LRV^j concatenated with the keyword string, as in the AP2 case. The 
basic random string LRV^j concatenated with the keyword string is extended 
by error detection redundancy bits to form a legal codeword. The redundant 
bits r_1, ..., r_q are located after the sub-string (LRV^j || keyword) in the message. 
The pseudo-random sequence c^{j2}, generated from the seed X_j^2, encapsulates the 
redundant bits r_1, ..., r_q. The pseudo-random sequence c^{j3}, generated from the 
seed X_j^3, determines the values of the watermarks w_1, ..., w_v that are located 
after the code redundant bits in the composed string message; c^{j3} is created as a 
v-bit sequence, each watermark being 1 bit in length. Finally, the pseudo-random 
sequence c^{j4}, generated from the seed X_j^4, determines the pseudo-random 
permutation π of the composed string that includes the string (LRV^j || keyword) 
encapsulated by c^{j1}, the redundant bits r_1, ..., r_q encapsulated by c^{j2}, and the 
unprotected watermarks. It should be remembered that c^{j4} has to produce a 
permutation of a t = m + q + v bit sequence (in fact X_j^4 may deterministically 
define a permutation as suggested in [5]). 

The advantage of this approach is that the original string (LRV^j || keyword) 
and the corresponding redundant bits r_1, ..., r_q are encapsulated, and therefore 
protected, independently. The redundant code that can effectively protect the 
key string against IIMA must have a sufficiently large Hamming distance [17]. 
Assume that the adversarial goal is to corrupt the key message so as to change 
the transmitted vector that should update the vector ARV. In order to succeed, 
the adversary must change the original string, that is, change a correct codeword 
into another correct codeword. The larger the Hamming distance of the code, the 
smaller the probability that the adversary succeeds without changing watermarks. 

Any linear block code with a large Hamming distance may fit. The great 
advantage of linear codes is that they can be easily implemented in hardware 
based on Linear Feedback Shift Registers [17]. Since our schemes are based only on 
xor and pseudo-random sequences, we consider the code based on the composition 
of log(nl) xor checks [13]. This code is defined as the composition of log(nl) 
parity checks, where the redundant bits in each dimension are equal to the xor of 
the corresponding bits of the (LRV^j || keyword) string. The Hamming distance of 
this composed code is log(nl) + 1 [13]. The code is constructed as follows: the 
original string is represented as a log(nl)-dimensional hypercube, and the 
redundant parity check bits are added in each dimension. The overhead of the 
redundant bits is q = log(nl) · (nl)^{(log(nl) − 1)/log(nl)}, i.e. one parity bit per 
line of the hypercube in each dimension. 

The resistance of the extended AP2 protocol against IIMA is based on the 
following observations. 

Assume that the adversary has changed the bits of a certain message s_j = Y_j 
that has been sent by the RFID Tag during the communication session S_j. Let 
us evaluate the probability P_A of adversarial success. 

Assume that the encryption scheme is well known to the adversary. The only 
information not recovered by the adversary is the number X_j and the seeds 
X_j^1, X_j^2, X_j^3, X_j^4 generated from it. 

The seed X_j^4 produces a pseudo-random permutation; hence, from the adversarial 
point of view any bit has the same probability of being a watermark. Therefore, 
the probability that the adversary corrupts a watermark while changing one bit of 
s_j is a = v/t. In order to successfully change part of the original message s_j, 
the adversary has to corrupt at least d_min bits of s_j that are the random bits of 
(LRV^j || keyword). Based on the assumption concerning the uniform distribution 
of the watermark bits, the probability of adversarial success is bounded by 
P_A ≤ (1 − a)^{d_min}. P_A can be made as small as desired by choosing a large enough 
vector dimension n, number of artificially inserted watermarks v, and number of 
redundant bits q used to obtain a large Hamming distance d_min between any two 
codewords. 

Note that there is a trade-off between the values of n, k, v, l and d_min and the 
minimization of P_A. Let us consider the following example. Assume that the 
artificially inserted watermarks occupy half of the encrypted message, providing 
a = 1/2. Assume that the redundant code is the composition of log(nl) xor-based 
parity check codes. Then the code's minimal distance is d_min = log(nl) + 1, and the 
probability P_A of adversarial success is evaluated as 
P_A ≤ (1/2)^{log(nl)+1} = 1/(2nl). For large enough n and l, P_A is negligible. 
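The encoding of Y_j described in this section, as an added worked example that is not the paper's own code. It implements the log(nl)-dimensional parity composition as described above (data laid out as a 2×...×2 array, one parity bit per line in each dimension, so d_min = D + 1), derives the four seeds X_j^1..X_j^4 from X_j by hashing with a tag byte, generates each c^{jk} with SHA-256 in counter mode, and realises π_{X_j^4} as a seeded shuffle; all of these concrete choices are assumptions, not the paper's. The constructed parameters are a 32-bit (LRV^j || keyword) string, hence D = 5, q = 80 and d_min = 6, with v = 112 watermarks so that a = v/t = 1/2 and the bound is (1/2)^6 = 1/64. tamper_trials plays an intruder who knows everything except X_j and flips d_min random bits of Y_j.

```python
import hashlib
import itertools
import math
import random


def prg_bits(seed: bytes, nbits: int) -> list:
    """Assumed PRG (stand-in for the paper's generator): SHA-256 in counter mode, as bits."""
    out, ctr = [], 0
    while len(out) < nbits:
        d = hashlib.sha256(seed + ctr.to_bytes(4, "big")).digest()
        out += [(b >> s) & 1 for b in d for s in range(8)]
        ctr += 1
    return out[:nbits]


def sub_seeds(x: bytes):
    """Assumed derivation of X_j^1..X_j^4 from the session seed X_j: hash with a tag byte."""
    return [hashlib.sha256(x + bytes([t])).digest() for t in range(1, 5)]


def hypercube_parity(bits, shape):
    """The paper's code: data as a len(shape)-dimensional array, one parity bit per line
    in every dimension (q = sum over d of prod(shape)/shape[d]); d_min = D + 1."""
    assert len(bits) == math.prod(shape)
    pos = {c: i for i, c in enumerate(itertools.product(*map(range, shape)))}
    red = []
    for d in range(len(shape)):
        others = [range(s) for j, s in enumerate(shape) if j != d]
        for fixed in itertools.product(*others):
            line = [fixed[:d] + (x,) + fixed[d:] for x in range(shape[d])]
            red.append(sum(bits[pos[c]] for c in line) & 1)
    return red


def xor_bits(a, b):
    return [x ^ y for x, y in zip(a, b)]


def permutation(seed: bytes, t: int):
    perm = list(range(t))
    random.Random(seed).shuffle(perm)        # pi_{X_j^4}: position p moves to perm[p]
    return perm


def encode(x: bytes, msg: list, shape, v: int) -> list:
    """Y_j = pi( (LRV||keyword) xor c^{j1} || (r_1..r_q) xor c^{j2} || w_1..w_v )."""
    s1, s2, s3, s4 = sub_seeds(x)
    red = hypercube_parity(msg, shape)
    body = (xor_bits(msg, prg_bits(s1, len(msg)))
            + xor_bits(red, prg_bits(s2, len(red)))
            + prg_bits(s3, v))                 # watermarks w_1..w_v = c^{j3}, sent unencrypted
    perm = permutation(s4, len(body))
    y = [0] * len(body)
    for p, b in enumerate(body):
        y[perm[p]] = b
    return y


def decode(x: bytes, y: list, m: int, shape, v: int):
    """Undo the permutation, check watermarks and parity; return (accepted, message)."""
    s1, s2, s3, s4 = sub_seeds(x)
    perm = permutation(s4, len(y))
    body = [y[perm[p]] for p in range(len(y))]
    q = len(y) - m - v
    msg = xor_bits(body[:m], prg_bits(s1, m))
    red = xor_bits(body[m:m + q], prg_bits(s2, q))
    ok = body[m + q:] == prg_bits(s3, v) and red == hypercube_parity(msg, shape)
    return ok, msg


def tamper_trials(x, msg, shape, v, flips, trials=500, seed=0):
    """Intruder who knows everything but X_j flips `flips` random positions of Y_j.
    Returns (empirical acceptance rate, bound (1 - a)^d_min with a = v/t, d_min = D + 1)."""
    rng = random.Random(seed)
    y = encode(x, msg, shape, v)
    t, d_min = len(y), len(shape) + 1
    accepted = 0
    for _ in range(trials):
        z = list(y)
        for p in rng.sample(range(t), flips):
            z[p] ^= 1
        accepted += decode(x, z, len(msg), shape, v)[0]
    return accepted / trials, (1 - v / t) ** d_min
```

Randomly chosen flips almost never form an undetected pattern (a data bit together with each of its D line parities, all of them off the watermarks), so the empirical acceptance rate sits far below the (1 − a)^{d_min} bound; the bound is what remains once the adversary is credited with choosing a valid codeword change and only has to avoid the watermarks. A single flipped bit is always caught, since it hits a watermark, a parity bit, or a data bit whose D parities then disagree.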
7 Conclusions and Extensions 

We presented a secure authentication protocol that is based on the assumption 
that among any n consecutive interactions between the RFID Tag and the RFID 
Verifier there is at least a single session in which the adversary was not listening 
in. This model is not perfect; nevertheless, it takes into account the restricted 
capabilities of a real-world RFID adversary. AP1 provides information theoretic 
security guarantees. 

The AP2 protocol loosens the assumption of the RFID adversary's weakness. 
It provides computational security in a proactive manner. The computational 
security of AP2 is provided using only basic arithmetic operations and a small 
amount of memory. The larger the entries of the vector ARV are, the closer the 
generated pseudo-random sequence is to a truly random sequence ([14]). 

The extended AP2 protocol also provides computationally secure resistance 
against IIMAs, loosening the session atomicity assumption. Its computational 
security strictly depends on n, the size of the vector ARV, the overhead of 
the artificially inserted watermarks, and the error detection power of the 
redundant code. 

Note that one can use a symmetric authentication scheme to obtain mutual 
authentication of the Tag and the Verifier. For example, we may double the 
number of entries in the vectors of the Tag and the Verifier and use one entry to 
authenticate the Tag and the next entry to authenticate the Verifier. The mutual 
authentication version may support production of random numbers by one or 
both sides. In the case of one-sided production (say, by the Verifier), the random 
number that should be used by the Tag is sent to the Tag as part of the message 
from the Verifier. 

If a specific application requires synchronization of the Tag and the Verifier, 
our protocols should be extended by an Automatic Repeat Request (ARQ) 
mechanism. The current session number should be sent by the Tag as part of 
the encrypted authentication message, and the Verifier has to ACK the reception 
of the authentication message with that number, in an encrypted manner as 
well. In order to keep the Tag and the Verifier synchronized, the session 
sequence number and the ARQ mechanism should be carefully incorporated 
into the presented protocols. 

The AP1 and AP2 protocols can be used in the case of multiple RFID Tags 
and a single RFID Verifier. In order to provide secure communication the RFID 
Verifier has to store different vectors and share a unique vector with each 
RFID Tag. The limitations imposed on the number of RFID Tags are thus 
related only to the limited storage capabilities of the RFID Verifier. 

Acknowledgment. We thank Ari Juels for helpful remarks. 